Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
please project please vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-44570
A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applicati...
Rack Project Rack
7.5
CVSSv3
CVE-2022-44571
There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an malicious user to craft an input that can cause Content-Disposition header parsing in Rackto take an unexpected amount o...
Rack Project Rack
7.5
CVSSv3
CVE-2022-44572
A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an malicious user tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulti...
Rack Project Rack
8.8
CVSSv3
CVE-2023-22794
A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds ann...
Activerecord Project Activerecord
7.5
CVSSv3
CVE-2023-22796
A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large am...
Activesupport Project Activesupport
6.5
CVSSv3
CVE-2023-24808
PDFio is a C library for reading and writing PDF files. In versions before 1.1.0 a denial of service (DOS) vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. The pdf which causes this crash found in t...
Pdfio Project Pdfio
7.5
CVSSv3
CVE-2023-25193
hb-ot-layout-gsubgpos.hh in HarfBuzz up to and including 6.0.0 allows malicious users to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
Harfbuzz Project Harfbuzz
Fedoraproject Fedora 36
7.5
CVSSv3
CVE-2023-24038
The HTML-StripScripts module up to and including 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.
Html-stripscripts Project Html-stripscripts
Debian Debian Linux 10.0
7.8
CVSSv3
CVE-2023-22809
In Sudo prior to 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local malicious user to append arbitrary entries to the list of files to process. This can lead to p...
Sudo Project Sudo 1.9.12
Sudo Project Sudo
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Apple Macos
11 Github repositories
7.5
CVSSv3
CVE-2022-41966
XStream serializes Java objects to XML and back again. Versions before 1.4.20 may allow a remote malicious user to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash co...
Xstream Project Xstream
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »